Open jeffpeiyt opened 8 years ago
Spike already uses a double-window which is probably a sort of moving average (stock brokers use these to detect upturns/downturns, I think). Are you sure it isn't sufficent for what you need, @jeffpeiyt?
Thanks for your kind guidance. The spike described here only measured the frequency of the events happening. However, we would like to work on the values of the events to get its moving avg.
Spike Detection in a Time-Series
The simplest thing you should start by doing is to compute a moving average of your input values. If your series is x1,x2,...x1,x2,..., then you would compute a moving average after each observation as:
Mk=(1−α)Mk−1+αxkMk=(1−α)Mk−1+αxk
where the αα would determine how much weight give the latest value of xkxk.
If your new value has moved too far away from the moving average, for example
xk−MkMk>20%xk−MkMk>20%
then you raise a warning.
Same here. We're collecting both statsd and collectd metrics on ES and would love the spike type rule to compare on avg/sum/etc of some field values for both time windows. Not sure if can be done or, how complex would be to code a new Rule module for it. Advice on any/both subjects is welcome.
Found #1288, which might be useful.
Is there any progress on this? 😄 I've read the #1288 but don't see any solution in it for me
Thanks in advance
Same situation here. Any alternatives/work around for this?
Hi,
This is awesome! We would like to ask for a feature request of a new rule with spike on values / pct gap compared with history[avg, std dev, in duration].
Alert send when the value is more than k% or value diff from the history. K could be relavent to the history's avg and std dev.
thanks,